Expert Advice: How to Keep Your Family Safe Online
Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.
As technology evolves and our devices continue to become more connected, it becomes even more important to be aware of what information you post online, as it only takes one post to be at risk of a cyberattack. Being aware of cybercriminals isn’t enough though, you must continuously understand, secure, and maintain your digital profile and keep consistent healthy digital habits.
The emphasis this year for National Cybersecurity Awareness Month is personal accountability; and the importance of taking proactive steps to enhance cybersecurity at home, at school, and in the workplace. The theme – Own IT. Secure IT. Protect IT. – focuses on key areas including citizen privacy, consumer devices, and e-commerce security.
The National Cyber Security Alliance (NCSA) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) offer tips for keeping you and your family safe online:
If you connect, you must protect. Whether it’s your computer, smartphone, game device or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software.
Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media and any other service that requires logging in.
Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email or message is from ̶ even if the details appear accurate ̶ or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available use the “junk” or “block” option to no longer receive messages from a particular sender.
Stay protected while connected. Before you connect to any public Wi-Fi be certain to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good cyber hygiene by avoiding sensitive activities (e.g., banking) that require passphrases or credit card numbers. Your personal hotspot is a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when shopping or banking online.
For more tips on staying safe online, I spoke with Kelvin Coleman, Executive Director of the National Cyber Security Alliance. A veteran of high-stakes cybersecurity posts at the White House and the U.S. Department of Homeland Security (DHS), Coleman has excelled in public and private sector leadership roles throughout his career of more than 20 years.
We know that there are many challenges that exist for keeping kids and teens safe online today. Tell us, what are some of the biggest challenges that you’ve seen so far from your end?
Kelvin: Well, I certainly can talk about some of the challenges we’ve seen to helping to keep people safe, and the one that comes to mind right away is just the availability of technology to young people. And by that, I mean you kind of get desensitized to the fact that you have to secure these devices. We are in a state of continuous connectivity. There’s no more going offline and online. We’re just constantly connected. And with that, being constantly connected it can lull you into a false sense of security that everything is okay and always will be. When no, we really have to promote educational awareness and training and how to stay safe while connected. And this month, Makeba, it’s just a great month to remind folks of that. This is our 16th year of celebrating National Cyber Security Awareness Month. This year we’re emphasizing personal accountability and stressing the importance of taking proactive steps to enhance cyber security at home and in the workplace.
And our driving theme for the month is, Own IT. Secure IT. Protect IT. And there are buckets and sub-levels under each of those three topics to help people stay safe while online.
Is there currently any pending legislation to help to improve the cyber safety for kids while at home and while at school?
Kelvin: Not really prepared to talk about any sort of pending legislation but I can tell you this, Congress is very active in this area. I was just on Capitol Hill on Friday where we co-hosted a National Cyber Security Awareness Month launch with the Cybersecurity Caucus on Capitol Hill led by Congressman Langevin. And it was a great participation up there, great involvement and engagement. And so I do know Congress is absolutely active in this area in trying to help protect Americans.
You mentioned personal accountability a few moments ago. We’ve definitely seen many instances where high-profile celebrities have been victims of identity theft and even blackmail, all from information transmitted by them online. So, we know if it can happen to celebrities, it can certainly happen to everyone else. What guidelines should both adults and kids follow to better protect themselves and their personal information online, especially on social media?
Kelvin: I think you said it best, Makeba, when you talked about these celebrities and they’re sharing so much information, they become easy targets or more attractive targets I should say, for bad actors because information equals value. Data equals value for these folks and the more they know about you, the more likely they are to target you.
[This is] What we try and tell folks, particularly young people, particularly as they use social media. This is a part of our Own IT category. In Own IT, we encourage young people to be very careful with their social media account. We remind them that every picture you post, every status you update, every piece of information you share, it lives on the Internet and for the world to see. There is no delete button on the Internet. Once you put it out there, it’s out there. And more and more people are using this platform. We know that 3.4 billion people worldwide now use social media websites. And this is an increase from around 10% of last year and we don’t see that subsiding. That’s only going to go up.
You think about here in the United States, on average, Americans have seven social media accounts. And you think about that for a second, for the average American. Now yeah, of course you may have three and someone else may have 10 and they equal seven at the end of the day. But that’s how many we have. And what we try to tell people is remember again, there is no delete button on the Internet. Share with care. Be sure that whatever you share, you feel comfortable with people knowing. We encourage people not to share personally identifiable information. Certainly, social security number, account numbers, if they can avoid sharing full name, address, place of work, place of school. Because again these are all pieces of information that bad actors can pick up on.
Now far be it for me to limit people in what they share, right? This is America and a free country and folks are able to share what they like to share. We just like to make sure folks understand the potential consequences of doing that. And in light of that, if you do want to share a lot then we ask you to consider updating your privacy settings, Makeba, on each site. Many sites, many devices, you are able to manipulate your privacy and security settings. In other words, who’s going to get this and what are they going to see and how are they going to see it? We say, “Hey. Make sure that you have your privacy settings at a level that’s comfortable for you and connect only with people that you trust when you do connect. I think that’s a big one for folks. Don’t just blindly accept folks as they try and connect with you because in some cases, they have nefarious intent. They have not so good intentions in trying to connect with you.
And lastly, speak up if you’re uncomfortable about something, particularly young people. If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let him or her know and likewise stay open-minded. If a friend approaches you and says, “Well, you posted something about me that made me uncomfortable.” And this isn’t necessarily saying that, “Oh, I don’t like Christina. And I think she was mean to me.” Nothing of that nature. I may be saying, “Hey, I’m meeting her at our favorite donut shop on 112th and Lenox or whatever and we meet there every Wednesday.” I’m putting stuff out there about my friend that is not my prerogative or right to do. And so, we say be careful when you’re even sharing about other people, including your children.
And we’ve also seen also in recent news, Kelvin, where connected home devices that are intended to help our daily lives are possibly putting us at risk by secretly recording, sharing private conversations without our knowledge. Or even allowing access to our devices from outside of the homes, and much more. And we talked about how to keep your family safe online. Can you tell us, is there anything that people can do to be more proactive at making their connected home devices more secure, to prevent those occurrences that we’ve been seeing lately from happening?
Kelvin: Yeah, what a great question because now you’re getting into the aspect of what’s commonly known as the Internet of Things, or IOT. With so many devices connected to the network these days, it’s just really becoming difficult to not be connected. And so, we really encourage folks to make sure that with many of these devices, all of them practically, you can shake up your password protocol. In other words, create a passphrase that’s unique and something that can’t be guessed. You can come up with your own system.
You can do things of that nature that you and your family agree upon so that passphrases are easier to remember. Because of course I can absolutely recognize that we have to remember a number of passphrases these days. You can come up with a system that can make it easier for you and your family to remember the passphrases to your different accounts. So that’s one low-hanging-fruit way to help protect yourself and to help mitigate against these challenges. Make sure that you have a strong and unique password to these devices.
[Additionally] Make sure that you’re keeping tabs on your apps that control these various appliances and devices connected to your Internet of Things home or your smart home. Many connected appliances, toys, even devices, are supported by these mobile applications. Your mobile device could be filled with apps running in the background or using default permissions, you’d never realize you approved. For example, you could have some apps that say, “Hey, we like to know where you’re located,” and there are places within your device where you can say, “No, I don’t want application X to know where I am at all times of the day.”
Now there are certain applications like the weather app perhaps, and the guide app, that travel app that’s maybe giving you directions. Yeah, there are certain apps where location is very important. But for many of them you can disable that and say, “Hey, I don’t want this app following me everywhere I go.” Because again, another vector for bad actors to use to locate you and even decide then, if you’re out then they’re going to maybe go to your home or something else of that nature. So, we really do encourage people as they look at their smart homes and Internet of Things to shake up the password protocol and make sure they’re keeping tabs on their apps.
I have a question from one of our teen community members. You answered the first part of the question a few moments ago, but I just want to also ask the second part of that question to get your expert advice. It reads, “As a high school student, our teacher requires us to create multiple accounts through different resources. How can teens make those passwords more secure for different sites; and is there an easy way to remember which site goes with which password?”
Kelvin: Yeah, that is really a great question. We have a number of options that we tell people they can consider. Including password managers. We’ve worked with a number of companies that, that’s what they do and how they help people out. Now of course password managers are not bulletproof by any means. They’re not foolproof I should say, by any means. But they do offer a way to manage the multiple passwords that we have.
Now the flip side is that you now have a place where all your keys are so you’d better make sure that one key that controls that pot of keys is a very, very strong key. And what I mean by that is a very strong password, very strong user identification that can give you access to those other things. So yeah, password managers are certainly something to consider.
Creating a unique phrase that only you would know about and varying, making slight changes to that for the different sites I think is another way to look at it. Now when I say that, I’m not saying, for one site, password, 1234. And then for the next site, password, 12345. You have to create a passphrase or something that no one would ever associate with you and you’re using that as your key to get into your different accounts. Unfortunately, there’s not an easy necessarily answer to this, but there are some very creative options to manage those things, including using a password manager.
Speaking of a password manager – especially for kids and teens who may try to search for a password manager themselves online – can you give some tips for how to identify not only a legitimately safe password manager, but also the one that would be best for their needs?
Kelvin: Yeah. Just like anything else in this area, we’d like you to do your homework and make sure that you’re talking to people. That’s the best way to find the best product. It’s just like anything else in life. You don’t necessarily go to the car dealership and buy the first car you find. You do your research and you find out the pluses and minuses of different cars.
I know a company that is on our board, LogMeIn, they recently acquired LastPass. And so we know through our process that they’re an extraordinarily reputable company. And there are a few others out there I think that will provide that vigorous, trusted protection you need.
But my advice there is to do your research, to go out and again, talk to different people that you trust. Go into your local technology shop that you trust. That’s the best way. Just like again, just like most things that we purchase, the best way to do is to talk to someone that you trust and come up with a solution by incorporating that into your process.
When it comes to managing location services for cell phones, is there anything that both parents and kids can do to successfully walk that fine line when it comes to location services on their phone to better secure their privacy?
Kelvin: Communicate. Speak with one another. Develop a plan that fits your family. Because I can right now tell you, “Oh yeah, this is what we do for my family. This is what I consider a best practice,” when really the best practice is what works for you and your family as long as you are of course utilizing the basic security protocols. Like strong passwords and making sure that folks understand that the location mechanism is only used for family and only used for those things that are necessary for families. To your point, keep tabs on each other and make sure they’re doing well and safe. Develop a family plan on what you feel comfortable with as you go forward and try and figure out how to really help keep your children safe and secure.
As a veteran of high stakes cyber security posts at both the White House and the U.S. Department of Homeland Security, tell us, outside of everything that we’ve discussed today, what final tips do you have for families to stay safe online?
Kelvin: Well, thank you Makeba for giving me this opportunity to do that because I’ll actually go back to my last answer. I can talk about passwords and I can talk about making sure that you keep a clean machine by updating your machine with the latest security software. I could talk about patches and privacy settings. But for families and their children, the biggest thing is that the family’s communicating, that they are talking, [and] that they have a family plan. Many families have developed a plan in case, God forbid, there’s a fire. “Where’s the fire escape and where do we go? Where’s our meeting point?”
Unfortunately, in school, kids are having to do active shooter drills. What to do in these situations? In some parts of our country they have tornado drills. In certain parts they have hurricane drills. In the same… And you talk about that and you educate the kids and you develop a plan in the same way you develop a plan in terms of the use of technology in your home. What’s going to be our proactive plan to manage our risk against bad actors? Because the first thing a family in Topeka, Kansas or Springfield, Illinois, Texas, or Texico, New Mexico, which is an actual place. The first thing these families may say is, “Hey, I’m not that interesting. No one wants to take my information.” And that couldn’t be further from the truth. Bad actors are constantly looking for vulnerable targets to compromise and confiscate their information.
The number one thing I advise for families is to make sure they’re developing a communication plan. Make sure they develop a plan period, so that they’re all on the same page as it relates to the use of technology.
Resources to help keep you and your family safe online:
- CISA has a complete guide to National Cybersecurity Awareness Month, with a complete toolkit, tips, graphics and a trivia game. Visit niccs.us-cert.gov/national-cybersecurity-awareness-month-2019
- Simple guide to download/print on how to create secure passwords: http://ow.ly/hDbR50wISJf
- The truth about social media bots: http://ow.ly/5pbg50wISO9
- Interactive guide and resources to help you engage your family in positive, lasting cybersecurity habits: http://ow.ly/2K6T50wISWC
- NCSA builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts designed to empower users at home, work and school. On a continual basis, NCSA provides the information needed to help keep individuals, organizations and their systems and sensitive information safe and secure online. In addition, fostering a culture of cybersecurity is strongly encouraged. For a variety of NCSA-recommended resources visit staysafeonline.org
- Powered by the U.S. Department of Homeland Security, the “BeCyberSmart” campaign is designed to inspire the younger generation of Americans to take responsibility for their own cyber safety. Learn about cybersecurity basics, common scams and how to report cybersecurity incidents by visiting the campaign online.
For more, visit: staysafeonline.org